UPDATE: MITRE CALDERA 2.3.0

PenTestIT RSS Feed A month ago, MITRE Caldera 2.2.0 was released and a couple of days back now MITRE CALDERA 2.3.0 was released as well. If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. A lot of changes have be...

Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering

Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Slides from the talk can be...

UPDATE: MITRE CALDERA 2.2.0

PenTestIT RSS Feed If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Sometime back, an update - the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always,...

[SECURITY] Fedora 29 Update: python36-3.6.9-1.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 30 Update: python36-3.6.9-1.fc30

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)

Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

CVE-2019-10160

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL...

python36:3.6 security update

An update is available for python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-nose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

Fedora Update for python36 FEDORA-2018-937e8a39c4

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems

Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...

Semi-Automated Network Penetration Testing Framework: Legion

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...

[SECURITY] Fedora 29 Update: python36-3.6.8-3.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 29 Update: python36-3.6.8-1.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 29 Update: python36-3.6.7-1.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

Python-Nubia - A Command-Line And Interactive Shell Framework

Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell aka. ldshell” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quic...

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

PT-2018-1947 · Libexpat +7 · Expat +7

Name of the Vulnerable Software and Affected Versions: Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15 Description: The issue is related to Python's elementtree C accelerator failing to initialize Expat's hash salt during initialization...

WebRTC - H264 NAL Packet Processing Type Confusion

Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before this loop, and if it is true, the loop extracts and se...

Cred Scanner - A Simple File-Based Scanner To Look For Potential AWS Access And Secret Keys In Files

A simple command line tool for finding AWS credentials in files. Optimized for use with Jenkins and other CI systems. I suspect there are other, better tools out there such as git-secrets, but I couldn't find anything to run a quick and dirty scan that also integrates well with Jenkins. Usage: To...

Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable wit...